Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
prctl (1)
projadd (8)
projmod (8)
rctladm (8)
In a program, you use setrctl(2) to set resource control values.
In addition to the preceding resource controls, there are resource pools, accessible through the pooladm(8) and poolcfg(8) utilities. In a program, resource pools can be manipulated through the libpool(3LIB) library.
The following are the resource controls are available: process.max-address-space
Maximum amount of address space, as summed over segment sizes, that is available to this process, expressed as a number of bytes.
Maximum size of a core file created by this process, expressed as a number of bytes.
Maximum CPU time that is available to this process, expressed as a number of seconds.
Maximum heap memory available to this process, expressed as a number of bytes.
Maximum file descriptor index available to this process, expressed as an integer.
Maximum file offset available for writing by this process, expressed as a number of bytes.
Total amount of physical memory that can be locked by this process, expressed as a number of bytes. This limit is not enforced for a process with the PRIV_PROC_LOCK_MEMORY privilege. Because the ability to lock memory is controlled by the PRIV_PROC_LOCK_MEMORY privilege within native zones, this resource control is only useful within branded zones which might support a different policy for locking memory.
Maximum number of messages on a message queue (value copied from the resource control at msgget() time), expressed as an integer.
Maximum number of bytes of messages on a message queue (value copied from the resource control at msgget() time), expressed as a number of bytes.
Maximum allowable number of events per event port, expressed as an integer.
Maximum number of semaphores allowed per semaphore set, expressed as an integer.
Maximum number of semaphore operations allowed per semop call (value copied from the resource control at semget() time). Expressed as an integer, specifying the number of operations.
Maximum number of outstanding queued signals.
Maximum stack memory segment available to this process, expressed as a number of bytes.
Maximum amount of CPU resources that a project can use. The unit used is the percentage of a single CPU that can be used by all user threads in a project. Expressed as an integer. The cap does not apply to threads running in real-time scheduling class. This resource control does not support the syslog action.
Number of CPU shares granted to a project for use with the fair share scheduler (see FSS(4)). The unit used is the number of shares (an integer). This resource control does not support the syslog action.
Maximum number of contracts allowed in a project, expressed as an integer.
Maximum amount of kernel memory that can be used for crypto operations. Allocations in the kernel for buffers and session-related structures are charged against this resource control.
Total amount of physical memory locked by device drivers and user processes (including D/ISM), expressed as a number of bytes.
Maximum number of LWPs simultaneously available to a project, expressed as an integer.
Maximum number of message queue IDs allowed for a project, expressed as an integer.
Maximum number of processes simultaneously available to a project, expressed as an integer.
Maximum allowable number of event ports, expressed as an integer.
Maximum number of semaphore IDs allowed for a project, expressed as an integer.
Maximum number of shared memory IDs allowed for a project, expressed as an integer.
Total amount of shared memory allowed for a project, expressed as a number of bytes.
Maximum number of tasks allowable in a project, expressed as an integer.
Binds a specified resource pool with a project.
The total amount of physical memory, in bytes, that is available to processes in a project.
Maximum CPU time that is available to this task's processes, expressed as a number of seconds.
Maximum number of LWPs simultaneously available to this task's processes, expressed as an integer.
Maximum number of processes simultaneously available to this task, expressed as an integer.
The following zone-wide resource controls are available: zone.cpu-cap
Sets a limit on the amount of CPU time that can be used by a zone. The unit used is the percentage of a single CPU that can be used by all user threads in a zone. Expressed as an integer. When projects within the capped zone have their own caps, the minimum value takes precedence. This resource control does not support the syslog action.
Sets a limit on the number of fair share scheduler (FSS) CPU shares for a zone. CPU shares are first allocated to the zone, and then further subdivided among projects within the zone as specified in the project.cpu-shares entries. Expressed as an integer. This resource control does not support the syslog action.
Total amount of physical locked memory available to a zone.
Enhances resource isolation by preventing too many LWPs in one zone from affecting other zones. A zone's total LWPs can be further subdivided among projects within the zone by using project.max-lwps entries. Expressed as an integer.
Maximum number of message queue IDs allowed for a zone, expressed as an integer.
Enhances resource isolation by preventing too many processes in one zone from affecting other zones. A zone's total processes can be further subdivided among projects within the zone by using project.max-processes entries. Expressed as an integer.
Maximum number of semaphore IDs allowed for a zone, expressed as an integer.
Maximum number of shared memory IDs allowed for a zone, expressed as an integer.
Total amount of shared memory allowed for a zone, expressed as a number of bytes.
Total amount of swap that can be consumed by user process address space mappings and tmpfs mounts for this zone.
See zones(7).
Category Res Ctrl Modifier Scale Type String ----------- ----------- -------- ----- Size bytes B 1 KB 2^10 MB 2^20 GB 2^30 TB 2^40 PB 2^50 EB 2^60 Time seconds s 1 Ks 10^3 Ms 10^6 Gs 10^9 Ts 10^12 Ps 10^15 Es 10^18 Count integer none 1 K 10^3 M 10^6 G 10^9 T 10^12 P 10^15 Es 10^18
Scaled values can be used with resource controls. The following example shows a scaled threshold value:
task.max-lwps=(priv,1K,deny)
In the project file, the value 1K is expanded to 1000:
task.max-lwps=(priv,1000,deny)
A second example uses a larger scaled value:
process.max-file-size=(priv,5G,deny)
In the project file, the value 5G is expanded to 5368709120:
process.max-file-size=(priv,5368709120,deny)
The preceding examples use the scaling factors specified in the table above.
Note that unit modifiers (for example, 5G) are accepted by the prctl(1), projadd(8), and projmod(8) commands. You cannot use unit modifiers in the project database itself.
Each threshold value on a resource control must be associated with a privilege level. The privilege level must be one of the following three types: basic
Can be modified by the owner of the calling process.
Can be modified by the current process (requiring sys_resource privilege) or by prctl(1) (requiring proc_owner privilege).
Fixed for the duration of the operating system instance.
A resource control is guaranteed to have one system value, which is defined by the system, or resource provider. The system value represents how much of the resource the current implementation of the operating system is capable of providing.
Any number of privileged values can be defined, and only one basic value is allowed. Operations that are performed without specifying a privilege value are assigned a basic privilege by default.
The privilege level for a resource control value is defined in the privilege field of the resource control block as RCTL_BASIC, RCTL_PRIVILEGED, or RCTL_SYSTEM. See setrctl(2) for more information. You can use the prctl command to modify values that are associated with basic and privileged levels.
In specifying the privilege level of privileged, you can use the abbreviation priv. For example:
task.max-lwps=(priv,1K,deny)
Global actions apply to resource control values for every resource control on the system. You can use rctladm(8) to perform the following actions:
Display the global state of active system resource controls.
Set global logging actions.
You can disable or enable the global logging action on resource controls. You can set the syslog action to a specific degree by assigning a severity level, syslog=level. The possible settings for level are as follows:
debug
info
notice
warning
err
crit
alert
emerg
By default, there is no global logging of resource control violations.
Local actions are taken on a process that attempts to exceed the control value. For each threshold value that is placed on a resource control, you can associate one or more actions. There are three types of local actions: none, deny, and signal=. These three actions are used as follows: none
No action is taken on resource requests for an amount that is greater than the threshold. This action is useful for monitoring resource usage without affecting the progress of applications. You can also enable a global message that displays when the resource control is exceeded, while, at the same time, the process exceeding the threshold is not affected.
You can deny resource requests for an amount that is greater than the threshold. For example, a task.max-lwps resource control with action deny causes a fork() system call to fail if the new process would exceed the control value. See the fork(2).
You can enable a global signal message action when the resource control is exceeded. A signal is sent to the process when the threshold value is exceeded. Additional signals are not sent if the process consumes additional resources. Available signals are listed below.
Not all of the actions can be applied to every resource control. For example, a process cannot exceed the number of CPU shares assigned to the project of which it is a member. Therefore, a deny action is not allowed on the project.cpu-shares resource control.
Due to implementation restrictions, the global properties of each control can restrict the range of available actions that can be set on the threshold value. (See rctladm(8).) A list of available signal actions is presented in the following list. For additional information about signals, see signal(3HEAD).
The following are the signals available to resource control values: SIGABRT
Terminate the process.
Send a hangup signal. Occurs when carrier drops on an open line. Signal sent to the process group that controls the terminal.
Terminate the process. Termination signal sent by software.
Terminate the process and kill the program.
Stop the process. Job control signal.
Resource control limit exceeded. Generated by resource control facility.
Terminate the process. File size limit exceeded. Available only to resource controls with the RCTL_GLOBAL_FILE_SIZE property (process.max-file-size). See rctlblk_set_value(3C).
Terminate the process. CPU time limit exceeded. Available only to resource controls with the RCTL_GLOBAL_CPUTIME property (process.max-cpu-time). See rctlblk_set_value(3C).
Local flags define the default behavior and configuration for a specific threshold value of that resource control on a specific process or process collective. The local flags for one threshold value do not affect the behavior of other defined threshold values for the same resource control. However, the global flags affect the behavior for every value associated with a particular control. Local flags can be modified, within the constraints supplied by their corresponding global flags, by the prctl command or the setrctl system call. See setrctl(2).
For the complete list of local flags, global flags, and their definitions, see rctlblk_set_value(3C).
To determine system behavior when a threshold value for a particular resource control is reached, use rctladm to display the global flags for the resource control . For example, to display the values for process.max-cpu-time, enter:
$ rctladm process.max-cpu-time process.max-cpu-time syslog=off [ lowerable no-deny cpu-time inf seconds ]
The global flags indicate the following: lowerable
Superuser privileges are not required to lower the privileged values for this control.
Even when threshold values are exceeded, access to the resource is never denied.
SIGXCPU is available to be sent when threshold values of this resource are reached.
The time value for the resource control.
Use the prctl command to display local values and actions for the resource control. For example:
$ prctl -n process.max-cpu-time $$ process 353939: -ksh NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT process.max-cpu-time privileged 18.4Es inf signal=XCPU - system 18.4Es inf none
The max (RCTL_LOCAL_MAXIMAL) flag is set for both threshold values, and the inf (RCTL_GLOBAL_INFINITE) flag is defined for this resource control. An inf value has an infinite quantity. The value is never enforced. Hence, as configured, both threshold quantities represent infinite values that are never exceeded.
ATTRIBUTE TYPE ATTRIBUTE VALUE |
Interface Stability Evolving |
System Administration Guide: Virtualization Using the Solaris Operating System